PUA_PCCare.GA

Publish Date: 16 octobre 2018

Analysé par: Arvin Roi Macaraeg

Plate-forme:

Windows

Overall Risk:

Dommages potentiels: :

Distribution potentielle: :

reportedInfection:

Information Exposure Rating::

Faible

Medium

Élevé

Critique

Type de grayware:
Potentially Unwanted Application
Destructif:
Non
Chiffrement:
In the wild::
Oui

Overview

Détails techniques

File size: 4,836,224 bytes

File type: EXE

Memory resident: Non

Date de réception des premiers échantillons: 09 juillet 2018

Installation

Schleust die folgenden Dateien ein:

%User Temp%\is-{Random Characters}.tmp\{Malware FileName}.tmp
%User Temp%\is-{Random Character}.tmp\_isetup\_shfoldr.dll
%User Temp%\is-{Random Character}.tmp\_isetup\_iscrypt.dll
%User Temp%\is-{Random Character}.tmp\setup_en.bmp
%Program Files%\Smart - PC- Care for {PC Name}\unins000.exe
%Program Files%\Smart - PC- Care for {PC Name}\mpr.exe
%Program Files%\Smart - PC- Care for {PC Name}\mpr.exe.config
%Program Files%\Smart - PC- Care for {PC Name}\gtcmg.dll
%Program Files%\Smart - PC- Care for {PC Name}\Microsoft.Win32.TaskScheduler.dll
%Program Files%\Smart - PC- Care for {PC Name}\Newtonsoft.Json.dll
%Program Files%\Smart - PC- Care for {PC Name}\PaddleCheckoutSDK.dll
%Program Files%\Smart - PC- Care for {PC Name}\NAudio.dll
%Program Files%\Smart - PC- Care for {PC Name}\TAFactory.IconPack.dll
%Program Files%\Smart - PC- Care for {PC Name}\Interop.IWshRuntimeLibrary.dll
%Program Files%\Smart - PC- Care for {PC Name}\application.ico
%Program Files%\Smart - PC- Care for {PC Name}\x64\SQLite.Interop.dll
%Program Files%\Smart - PC- Care for {PC Name}\x86\SQLite.Interop.dll
%Program Files%\Smart - PC- Care for {PC Name}\System.Data.SQLite.DLL
%Program Files%\Smart - PC- Care for {PC Name}\HtmlRenderer.dll
%Program Files%\Smart - PC- Care for {PC Name}\HtmlRenderer.WinForms.dll
%ProgramData%\Smart - PC- Care for {PC Name}\mdb.db
%ProgramData%\Smart - PC- Care for {PC Name}\pcspstartrepair_en.mp3
%Program Files%\Smart - PC- Care for {PC Name}\langs.db
%Program Files%\Smart - PC- Care for {PC Name}\english_iss.ini
%Program Files%\Smart - PC- Care for {PC Name}\finish_iss.ini
%Program Files%\Smart - PC- Care for {PC Name}\French_iss.ini
%Program Files%\Smart - PC- Care for {PC Name}\german_iss.ini
%Program Files%\Smart - PC- Care for {PC Name}\italian_iss.ini
%Program Files%\Smart - PC- Care for {PC Name}\japanese_iss.ini
%Program Files%\Smart - PC- Care for {PC Name}\norwegian_iss.ini
%Program Files%\Smart - PC- Care for {PC Name}\portuguese_iss.ini
%Program Files%\Smart - PC- Care for {PC Name}\russian_iss.ini
%Program Files%\Smart - PC- Care for {PC Name}\spanish_iss.ini
%Program Files%\Smart - PC- Care for {PC Name}\swedish_iss.ini
%Program Files%\Smart - PC- Care for {PC Name}\danish_iss.ini
%Program Files%\Smart - PC- Care for {PC Name}\Dutch_iss.ini
%Program Files%\Driver Updater\unins000.exe
%Program Files%\Driver Updater\aptdu.exe
%Program Files%\Driver Updater\aptdu.exe.config
%Program Files%\Driver Updater\DUContent.dll
%Program Files%\Driver Updater\Microsoft.Win32.TaskScheduler.dll
%Program Files%\Driver Updater\TaskScheduler.dll
%Program Files%\Driver Updater\NAudio.dll
%Program Files%\Driver Updater\TAFactory.IconPack.dll
%Program Files%\Driver Updater\Interop.IWshRuntimeLibrary.dll
%Program Files%\Driver Updater\System.ServiceModel.dll
%Program Files%\Driver Updater\dp\7z.dll
%Program Files%\Driver Updater\dp\7z.exe
%Program Files%\Driver Updater\dp\difxapi.dll
%Program Files%\Driver Updater\dp\difxapi64.dll
%Program Files%\Driver Updater\dp\DPInst32.exe
%Program Files%\Driver Updater\dp\DPInst64.exe
%Program Files%\Driver Updater\dp\DriversPath.exe
%Program Files%\Driver Updater\dp\FileValidator.exe
%Program Files%\Driver Updater\Delimon.Win32.IO.dll
%Program Files%\Driver Updater\Langs\danish_du_da.ini
%Program Files%\Driver Updater\Langs\Dutch_du_nl.ini
%Program Files%\Driver Updater\Langs\english_du_en.ini
%Program Files%\Driver Updater\Langs\finish_du_fi.ini
%Program Files%\Driver Updater\Langs\French_du_fr.ini
%Program Files%\Driver Updater\Langs\german_du_de.ini
%Program Files%\Driver Updater\Langs\italian_du_it.ini
%Program Files%\Driver Updater\Langs\japanese_du_ja.ini
%Program Files%\Driver Updater\Langs\norwegian_du_no.ini
%Program Files%\Driver Updater\Langs\portuguese_du_ptbr.ini
%Program Files%\Driver Updater\Langs\russian_du_ru.ini
%Program Files%\Driver Updater\Langs\spanish_du_es.ini
%Program Files%\Driver Updater\Langs\swedish_du_sv.ini
%Program Files%\Driver Updater\danish_iss.ini
%Program Files%\Driver Updater\Dutch_iss.ini
%Program Files%\Driver Updater\english_iss.ini
%Program Files%\Driver Updater\finish_iss.ini
%Program Files%\Driver Updater\French_iss.ini
%Program Files%\Driver Updater\german_iss.ini
%Program Files%\Driver Updater\italian_iss.ini
%Program Files%\Driver Updater\japanese_iss.ini
%Program Files%\Driver Updater\norwegian_iss.ini
%Program Files%\Driver Updater\portuguese_iss.ini
%Program Files%\Driver Updater\russian_iss.ini
%Program Files%\Driver Updater\spanish_iss.ini
%Program Files%\Driver Updater\swedish_iss.ini

(Hinweis: %User Temp% ist der Ordner 'Temp' des aktuellen Benutzers, normalerweise C:\Dokumente und Einstellungen\{Benutzername}\Lokale Einstellungen\Temp unter Windows 2000, XP und Server 2003.. %Program Files%ist der Standardordner 'Programme', normalerweise C:\Programme.)

Andere Systemänderungen

Fügt die folgenden Registrierungseinträge als Teil der Installationsroutine hinzu:

HKEY_CURRENT_USER\Software\Microsoft\
RestartManager\Session0000
RegFiles0000 = "%Program Files%\Smart - PC- Care for {PC Name}\mpr.exe, %Program Files%\Smart - PC- Care for {PC Name}\gtcmg.dll, %Program Files%\Smart - PC- Care for {PC Name}\gtcmg.dll, %Program Files%\Smart - PC- Care for {PC Name}\Microsoft.Win32.TaskScheduler.dll, %Program Files%\Smart - PC- Care for {PC Name}\Newtonsoft.Json.dll, %Program Files%\Smart - PC- Care for {PC Name}\PaddleCheckoutSDK.dll, %Program Files%\Smart - PC- Care for {PC Name}\NAudio.dll, %Program Files%\Smart - PC- Care for {PC Name}\TAFactory.IconPack.dll, %Program Files%\Smart - PC- Care for {PC Name}\Interop.IWshRuntimeLibrary.dll, %Program Files%\Smart - PC- Care for {PC Name}\x64\SQLite.Interop.dll, %Program Files%\Smart - PC- Care for {PC Name}\x86\SQLite.Interop.dll, %Program Files%\Smart - PC- Care for {PC Name}\System.Data.SQLite.DLL, %Program Files%\Smart - PC- Care for {PC Name}\HtmlRenderer.dll, %Program Files%\Smart - PC- Care for {PC Name}\HtmlRenderer.WinForms.dll"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO = "({BLOCKED}-0124"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
ISTELNO = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
apst data = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
isshowng = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
issilent = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
affired = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
showwfo = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
ovoffdis = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
playsound = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
wfoset = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
country =

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
ipaddrurl = "http://www.{BLOCKED}v.com/getip/"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
prereg = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
showtn = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
cbkpoff = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
cta = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
showunins = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
isavst = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
isprmjsn = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
runcam = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
runsrc = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
runpixel = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
stdismax = "{BLOCKED}7295"

HKEY_LOCAL_MACHINE\SOFTWARE\scd-pr
utm_source = "msmsite"

HKEY_LOCAL_MACHINE\SOFTWARE\scd-pr
utm_campaign = "msmsite"

HKEY_LOCAL_MACHINE\SOFTWARE\scd-pr
utm_medium =

HKEY_LOCAL_MACHINE\SOFTWARE\scd-pr
affiliateid =

HKEY_LOCAL_MACHINE\SOFTWARE\scd-pr
pxl = "msmsite"

HKEY_LOCAL_MACHINE\SOFTWARE\scd-pr
x-at =

HKEY_LOCAL_MACHINE\SOFTWARE\scd-pr
x-context =

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_us = "({BLOCKED}-0124"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_uk = "{BLOCKED}1-5066"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_gb = "{BLOCKED}1-5066"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_au = "({BLOCKED}33403"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_fr = "{BLOCKED} 04 06"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_de = "{BLOCKED}22 974"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_at = "+{BLOCKED} 902 309"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_ch = "+{BLOCKED} 508 70 37"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_lu = "{BLOCKED}22 974"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_no = "+{BLOCKED} 01 97"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_dk = "{BLOCKED} 09 26'

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_nl = "{BLOCKED}882839"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_be = "{BLOCKED}5306"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_se = "{BLOCKED}4-10298"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_ja =

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_br = "{BLOCKED}91 4319"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_it = "{BLOCKED}802886"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_es = "{BLOCKED}03 537"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_ar = "{BLOCKED}36 0324"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_fi = "+{BLOCKED}270 4911"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
TELNO_pt = "{BLOCKED}50 2094"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
pdtm = "30"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
PurchaseURL = "http://store.{BLOCKED}n.site/smpc/price?"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
RenewURL = "http://store.{BLOCKED}n.site/smpc/renewal?"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
WebURL = "http://www.{BLOCKED}n.site/"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
EmailURL =

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
supporturl = "http://www.{BLOCKED}n.site/help/"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{GUID}_is1
Inno Setup: Setup Version = "5.5.8 (u)"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{GUID}_is1
Inno Setup: App Path = %Program Files%\Smart - PC- Care for {PC Name}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{GUID}_is1
InstallLocation = "%Program Files%\Smart - PC- Care for {PC Name}\"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{GUID}_is1
Inno Setup: Icon Group = "Smart - PC- Care for {PC Name}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{GUID}_is1
Inno Setup = {PC Name}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{GUID}_is1
Inno Setup: = "en"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{GUID}_is1
DisplayName = "Smart - PC- Care"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{GUID}_is1
DisplayIcon = "%Program Files%\Smart - PC- Care for {PC Name}\mpr.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{GUID}_is1
UninstallString = "%Program Files%\Smart - PC- Care for {PC Name}\unins000.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{GUID}_is1
QuietUninstallString = ""%Program Files%\Smart - PC- Care for {PC Name}\unins000.exe" /SILENT"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{GUID}_is1
DisplayVersion = "1.0.0.2"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{GUID}_is1
NoModify = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{GUID}_is1
NoRepair = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{GUID}_is1
InstallDate = {Date Installed}

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
paramurl = "http://trkr.{BLOCKED}iv.com/ipfiles/"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
plurl = "http://pp.{BLOCKED}iv.com/ProductPrice.svc/"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
buybowinapp = "http://store.{BLOCKED}n.site/smpc/plan?"

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
x-ccode = {Location}

HKEY_LOCAL_MACHINE\SOFTWARE\Smart - PC- Care For {PC Name}
dlllist = "CSITEST.DLL,PSMACHINE.DLL"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
TELNO = "{BLOCKED}-0124"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
ISTELNO = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
issilent = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
affired = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
showwfo = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
pxl = "DUM2865_DUM2798_DUM1440"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
prereg = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
showtn = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
delay = "30"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
bdInst = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
cbkpoff = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
showunins = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
utm_source = "dumsm"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
utm_campaign = "dumsm"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
utm_medium = "dumsm"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
PurchaseURL = "http://driverupdater.{BLOCKED}eshoppe.com/du/price?"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
RenewURL = "http://driverupdater.{BLOCKED}eshoppe.com/du/renewal?"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
WebURL = "http://www.{BLOCKED}details.com/"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
EmailURL = "driverupdater"

HKEY_LOCAL_MACHINE\SOFTWARE\driverdetails.com\
Driver Updater
supporturl = "http://www.{BLOCKED}details.com/help/"

PUA_PCCare.GA

Overview

Détails techniques

Ressources

Support

À propos de Trend

Siège social national

PUA_PCCare.GA

Overview

Détails techniques

Ressources

Support

À propos de Trend

Siège social national

Amérique

Moyen-Orient et Afrique

Europe

Asie-Pacifique